Jump to content

Search the Community

Showing results for tags 'DNSspoof'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 25 results

  1. I want the pineapple to use dnsspoof on specific devices not all connected devices, is that possible?
  2. Just curious if its possible to use the Social Engineering Toolkit with the Wifi Pineapple. Here is what i am thinking about but due to my hardware limitations at the moment and my friend who i test this stuff with is on holiday with his family i can not test this legally and i would never break the law so right now i am unable to test this out and i keep thinking about it and the more i think about it the more i want to know if its possible. I have say a Wifi Pineapple Nano or Tetra as it doesn't matter which one and a laptop running Kali Linux with the Social Engineering toolkit installed. I use SET to clone say facebook as an example (before my hardware limitations as was able to use evil portal to do the same thing but i have never tried it this way before). So i have my pineapple plugged in and it is up and running with no errors to my computer running SET with facebook as my example. On the pineapple i run dnsspoof to make sure that anyone connected to my pineapple the tries to go to "facebook" is redirected to my kali machine running my SET server. Now since they are connected to my network via the pineapple when using the dnsspoof module i should only need to spoof the internal IP address of my kali machine which SET is running, right? Is this possible? As i said i can't test this out yet but i am very curious. Thanks guys
  3. Hi, I did a pentest in a LAN, some weird things happened. This LAN is a little unusual, there are two routers, say A and B, A is directly connected to an optical fiber, doing PPPoE, to the WAN, it has a gateway of 192.168.1.1, B is connected to A, wireless router, with a gateway of 192.168.0.1. All the clients and my Kali machine are connected to B. Target has an IP of 192.168.0.104 Here is what I did with Kali, I use the following to arp spoof the target and router B arpsoof -i eth0 -t 192.168.0.1 192.168.0.104 arpsoof -i eth0 -t 192.168.0.104 192.168.0.1 sysctl -w net.ipv4.ip_forward=1 Then I did a Dns Spoof with dnsspoof -i eth0 -f dnshost.spoof It did not work, all the traffic went through my Kali, but the target was still able to access the original webpage. And here comes the weird thing. I stopped the dnsspoof, stopped the ip forwarding sysctl -w net.ipv4.ip_forward=0 and I started the exactly the same exact dnsspoof as last time again, it worked! This really confused me, because after that, I tried to start arpspoof and dnsspoof without setting ip_forward to 1 at all, I left it to be the default 0, and it did not work, because the arp traffic was not working (which is excepted!!). ArpSpoof and dnsspoof both work ONLY IF the process "ip forwarding is firstly enabled and then disabled" completed once, before launching dnsspoof. Ip forwarding only on gives dnsspoof not working, ip forwarding only always off gives arpspoof not working. Besides that, two more strange things I failed to understand. 1, Sometimes, the "ip forward on and off" cycle must be done in the same terminal where the dnsspoof takes place, in order to make it work. Switching on then off in another terminal simply leads to arpspoof failure. 2, Here is the log/feedback of a DnsSpoof root@kali:~# dnsspoof -i eth0 -f dnshost.spoof dnsspoof: listening on eth0 [udp dst port 53 and not src 192.168.0.113] 192.168.0.104.62290 > 192.168.1.1.53: 4678+ A? www.youtube.com 192.168.0.104.62290 > 192.168.0.1.53: 4678+ A? www.youtube.com 192.168.0.104.65063 > 192.168.1.1.53: 31827+ A? www.youtube.com 192.168.0.104.65063 > 192.168.0.1.53: 31827+ A? www.youtube.com 192.168.0.104.55426 > 192.168.1.1.53: 51608+ A? www.sina.com 192.168.0.104.55426 > 192.168.0.1.53: 51608+ A? www.sina.com 192.168.0.104.54794 > 192.168.1.1.53: 5651+ A? www.sina.com 192.168.0.104.54794 > 192.168.0.1.53: 5651+ A? www.sina.com 192.168.0.104.60485 > 192.168.1.1.53: 2950+ A? www.sina.com 192.168.0.104.63394 > 192.168.1.1.53: 41196+ A? www.facebook.com 192.168.0.104.63394 > 192.168.0.1.53: 41196+ A? www.facebook.com 192.168.0.104.52953 > 192.168.1.1.53: 6912+ A? www.facebook.com 192.168.0.104.52953 > 192.168.0.1.53: 6912+ A? www.facebook.com ^Croot@kali:~# dnsspoof -i eth0 -f dnshost.spoof dnsspoof: listening on eth0 [udp dst port 53 and not src 192.168.0.113] 192.168.0.104.53807 > 192.168.1.1.53: 60485+ A? www.youtube.com 192.168.0.104.53807 > 192.168.1.1.53: 60485+ A? www.youtube.com 192.168.0.104.50239 > 192.168.1.1.53: 28894+ A? www.sina.com 192.168.0.104.50239 > 192.168.1.1.53: 28894+ A? www.sina.com The second launch was a failed one, the first one succeeded. The router I am targeting should be 192.168.0.1, as the router B, in the second launch, it is interacting with only router A (192.168.1.1), I am not sure what does that mean and if it has something to do with the failure directly, because in the next few attempts, a feedback situation like this second launch worked sometimes. I am almost 100% sure this issue was due to the two routers, but I am still not able to understand why, or even find a way to make it always work. Please, any suggestion will be appreciated! Thanks
  4. Hi, I m new to pentesting. I have got my pineapple nano last month. i have been learning by watching tutorials available on internet since then. Most of the material available is related to the nano's predecessors. And i have found that some of them dont work anymore or i m not being guided appropriately. Modules like SSLsplit, DNSspoof, DNSMasq Spoof, Evil portal etc dont seem to work anymore. Like SSLsplit and DNSMasq dont seem to work in case of https sites. On browsers like chrome, firefox etc. the sites like facebook, gmail, etc. dont even open when i try to dnsspoof, and secondly the data is still encrypted after using sslsplit. Infact we just cant open the site without https. So i needed to know that after the implementation of HSTS, have these modules become completely useless??? or is there some way around using them? P.S. I m a newbie so please guide me thoroughly.. :)
  5. just got the nano it works great i have had many pineapple but this one is the best Love The Phone app however when do we get the modules it says coming soon i cant use any of the other cool functions outside the old modules standalone ssl strip and the many cool apps just want to know when this will be updated so i can have more fun Thanks !
  6. Hi pineapple people. So I'm using dnsspoof in my mark 5 and after lots of beginner trial and error I managed to build a nice looking fully functioning phishing site that is designed to log wifi creds. So now that I have this site working and loaded into the pnpl web server I'm trying to figure out how to force a specific AP into client mode so that I can run this phishing site against said specific AP. Hypothetically i would like network A to link with the pineapple in client mode but exclude networks C, D, E, F.... ect. I understand that you can do something like this with karma whitelist well using the dauth infusion, however I haven't been able to figure out how to do it on my own. Any help would be greatly appreciated thank you.
  7. Why don't we use the innate ability of dnsmasq to spoof hosts instead of dnsspoof? I noticed that the pineapple would reply to my queries twice when using dnsspoof (instead of once as I expected). After some research http://blog.philippheckel.com/2013/07/18/how-to-dns-spoofing-with-a-simple-dns-server-using-dnsmasq/ I noticed that is it 1. entirely possible thus moving away from the hit and miss of dnsspoof and 2. would make it much neater. Should we look into creating an infusion maybe? Wishing you all well, Cristian
  8. Dear Hak5 Community, Whilst playing around with the Wifi Pineapple MK5 -> dnsspoof and I noticed that whilst I would receive the spoofed reply, dnsmasq would also send the correct record. I then started investigating dnsmasq and I noticed that it is possible to use it in order to spoof hosts directly. The problem I have with dnsspoof is that sometimes the browser would get the correct reply thus making this module less useful. When using dnsmasq the success rate is 100%. Do any of you know why we are not dropping dnsspoof and use dnsmasq instead? I have a proof of concept infusion, but before I work on it any more I would like to know if anyone could foresee any issues with using dnsmasq instead of dnsspoof. Kind regards, Cristian
  9. Hello everyone, I have create a very simple html which is the only page i want my clients to see. Like a captive portal but not intrested in giving them internet connection. I am having problems with nodogsplash which does not redirect any traffic when my pineapple is not connected to the internet. I know i can use "Evil Portal" but i am trying to make this manual. I also noticed that nodogsplash is at 0.9_beta9.9.9 but opkg brings 0.9_beta9.9.6 (not only pineapple, openwrt too) Does the pineapple have to be connected to the internet for nodogsplash to work? Is there a way to replicate the iptables rules nodogsplash creates? Is there any good alternative "captive portal manager" you can suggest? My nodogsplash.conf My /etc/config/dhcp Running: nodogsplash -d 7 -f and it stays like this even when clients connect. As an alternative i tried dnsspoof and iptables (one at a time and both together) My spooofhost.conf dnsspoof -i br-lan -f spoofhost.conf iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination 172.16.42.1 and iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.16.42.1 In this case it redirects traffic to 172.16.42.1 but if pineapple is not connected to the internet Android and iPhone Devices cannot betect the "captive portal" and pop the pseudo browser.
  10. Hello pineapple community. I'm having trouble with my mark v dnsspoof. I wrote my own html that pulls credentials from a form and posts them up to a PHP function located in a separate file. Flow looks like this: Index.html redirect >> main.html >> form >> login.php(data logged) >> redirect >> back to main.html. The idea is that the page loads, which once spoofed it does very nicely. But then I push the submit button, the information posts to the PHP and I get a 404E. Everything is there in html but once directed at any .PHP it 404E's. I fallowed the phishing tutorial and fallowed every step, but for some reason I keep getting the 404E. I'm thinking that PHP isn't installed correctly but I'm kind of new to this and have no Idea what I'm doing wrong. Any help would be greatly appreciated. Thank you.
  11. Hi everyone, As I just recieved my pineapple mark IV, some questions come to me... With the implementation of hsts, sslstrip became a little bit inefficient... (even if I can harvest some of my credentials). I'd like to know a few things : Does someone already test dns2proxy with sslstrip2 from Leonardo Nve ? https://github.com/LeonardoNve How does it works? Cause i'm quite new to this, and i wasn't able to make them work together on my computer. It's ok for the dns which redirect sites to a fake adress when i do a nslookup (like facebook pointing to 192.168.0.123) but sslstrip didn't return me anything. And, it is possible to make an infusion of those to script for a pineapple? (mark IV if possible). And there is the last one, the one i'm ashamed of... how to change my dhcp conf? Sorry if my english seems wierd, i'm french. And thanks :)
  12. I am attempting to perform a MitM-style attack from my machine (MacBook Pro running 64-Bit Kali), by means of ARP-poisoning the communication between my router and my targetted machine (a MacBook Air running OSX Mavericks) on my WLAN (WPA2-secured network). In addition, I would like to employ a dns_spoof. I am using a combination of the following: - SSLStrip - Ettercap (with the dns_spoof plugin enabled). - urlsnarf - Wireshark (for examining post-test PCAP results) The commands I perform are as follows: iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain sslstrip -p -k -w /root/sslstrip.log iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 urlsnarf -i wlan0 | grep http > /root/session.txt # 192.168.2.1 = router, 192.168.2.130 = Macbook Air echo 1 > /proc/sys/net/ipv4/ip_forward; ettercap -T -q -i wlan0 -P dns_spoof -M arp:remote /192.168.2.1/ /192.168.2.130/ ettercap -T -i wlan0 -w /root/session.pcap -P dns_spoof -L /root/session -M arp:remote /192.168.2.1/ /192.168.2.130/ # This runs for a while,I then stop manually... and then clean up and examine results in Wireshark wireshark & killall sslstrip killall python killall urlsnarf iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain etterlog -p -i /root/session.eci I am able to intercept and decode http packets just fine. Unfortunately, I've had little success in capturing redirecting an HTTPS connection to an HTTP one (which I presume SSLStrip should be doing for me). I've tested by targeting multiple machines running different operating systems. For example, when I attempt to access https://www.foo.com/, I'd expect to be redirected to http://www.foo.com/. Instead, what happens is I will receive an untrusted certificate error (Windows 7 + IE, sometimes OSX Mavericks + Safari), a timeout (Mavericks + Safari, iPhone 4s + Safari). Furthermore, the dns_spoof doesn't load; just resolves the domain as it should. (see my /etc/ettercap/etter.dns configuration below). I've un-commented the iptables redirect commands within /etc/etter/etter.conf, as well as set the ec_uid and ec_gid to 0 (from the default of 65534) . . . [privs] ec_uid = 0 # nobody is the default ec_gid = 0 # nobody is the default . . . # if you use iptables: redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport" . . . Alternatively, for a simple dnsspoof, I've tried a simple combination of arpsoof + dnsspoof. Doesn't work either. :( echo 1 > /proc/sys/net/ipv4/ip_forward arpspoof -i wlan0 -t 192.168.2.130 192.168.2.1 dnsspoof -i wlan0 -f /root/hosts.txt I've Googled for a few days now, but after reading post-upon-post of the same ill-fated solutions, alternatives and workarounds, I'm kind of stumped, to say the least. Some configuration files can be seen below... Any help would be greatly appreciated. Thanks,
  13. Hi there.. I am wondering if i can run dnsspoof and deauth to make any clients that they are already connected to a network to disconnect and connect to my karma pineapple. I am using MacOS and Mark V. Thank you for your help!
  14. Hi, I'm trying to set up the Pineapple (firmware 2.0.3) as an access point (no Karma at all, just a single SSID) and display a simple page when wireless clients look for some specific websites. This sounds pretty easy to do. I first have to make the Pineapple connect to an access point with wlan1 to route all the traffic. Then use dnsspoof and make a few host entries (eg: 172.16.42.1 website.com) for the websites I want clients to be redirected to and finally, modifying redirect.php to what I want to display. The routing/forwarding part works, it's a bit slow but it works (I guess due to the forwarding to another AP). However, I can't get dnsspoof to work. When I do dns lookup for one of the domains from a connected client, I get the legitimate IP address and not the IP address I entered in dnsspoof. It worked at some point but all I got was a page that kept trying to load (like when you try to reach the pineapple on port 80; even though I changed the index to go to redirect.php) but it stopped working as soon as I rebooted the pineapple. I also tried removing the infusions and reinstalling them, reflashing the pineapple, removing all unnecessary infusions but it is still not working. Am I doing anything wrong? Or is that scenario not doable on the pineapple?
  15. Hello , i am currently working on MITM attacks and i am trying to redirect websites to my computer through dnsspoof and the problem is that ,although it is picking up traffic and i can see it registers all sites the victim is visiting , it is still letting the victim connect to the website instead of redirecting it to me. Here is a my procedure: -firstly i created a mon0 interface form wlan0 wireless card -i started up my access point [ airbase-ng --essid mitm -c 11 mon0 ] -then i created a bridge between at0 and eth0 : brctl addbr mitm-bridge brctl addif mitm-bridge eth0 brctl addif mitm-bridge at0 ifconfig eth0 0.0.0.0 up ifconfig at0 0.0.0.0 up -then i went into [ ifconfig ] to see my ip ( lets say it is 150.150.1.1 ) and did : ifconfig mitm-bridge 150.150.1.1 up -so now my machine and the bridge have the same ip -then i did ip forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward -i connected the victim to the airbase-ng and everything was fine .The traffic was going through and there was no problem. -then i did: dnsspoof -i mitm-bridge -it started and when i went to google.com on the victim machine it didnt reroute it.It just went to google.com -when it connected to google.com it showed : 192.168.1.13 .<some random 5 digit number> > 192.186.1.1.53 A? google.com -from where i was getting my information about dnsspoof it showed that instead of the 192.168.1.13 ( the ip of the victim device ) should be 150.150.1.1 ( attacking device ) and it was stated that the connection would be refused but it wasnt! Please help me! I am trying to figure this out for a week now... Good day!
  16. Hi there, is there anyone can help me with a spey by step guide for using dnsspoof with the mark V? i tried few tutorials but i have not idea, is not really working! thank you in advance
  17. Hey guys, I just received my new Mark V a few days ago (upgraded from the Mark IV) and I was wondering if anyone else was having issues with DNSSpoof working? The 2GB sd card that shipped with the MK V was corrupt, so I had to download the latest (at the time it was 1.1.0) firmware to my own 8GB sd card. After that it flashed without a hitch. When I SSHed into the pineapple I noticed there was no redirect.php or error.php in /www/, or anywhere else on the MK V for that matter. So I checked the index.html and compared it to the one from the MK IV and they're completely different. Is the MK V handling dnsspoof differently now than the MK IV? I'm going to use my old redirect.php and error.php and try it out, but I was just curious if anyone else had this "issue", or if anyone knows if the MK V is handling dnsspoof differently now. MK V Index.html that came on my pineapple is: <HTML> <BODY> <SCRIPT> if ( window.top==window.self ) { document.write('<iframe src=http://www.google.com style="display:none;"></iframe>'); document.write('<iframe src=http://www.facebook.com style="display:none;"></iframe>'); document.write('<iframe src=http://www.twitter.com style="display:none;"></iframe>'); document.write('<iframe src=http://www.hotmail.com style="display:none;"></iframe>'); document.write('<iframe src=http://www.gmail.com style="display:none;"></iframe>'); document.write('<iframe src=http://www.yahoo.com style="display:none;"></iframe>'); document.write('<iframe src=http://www.paypal.com style="display:none;"></iframe>'); document.write('<iframe src=http://www.live.com style="display:none;"></iframe>'); document.write('<iframe src=http://www.linkedin.com style="display:none;"></iframe>'); } </SCRIPT> </BODY> </HTML> The MK IV Index.html was simply: <html> <head> <meta http-equiv="REFRESH" content="0;url=redirect.php"> </head> <body> </body> </html> Very different. The only other file in /www/ is ncsi.txt and a directory /library/ (within that directory is /test/success.html which is just a simple one liner like the MK IV index.html, just without "REFRESH"). Thanks in advance for any responses/dialog. -Scout.
  18. Apologies for the newbie question: What's the solution for allowing the user to be directed to their desired site once sslstrip has captured credentails? Currently it's just reloading the log in screen rather than allowing login.
  19. Hey! The page that is used is not created by me , its made by the maker of <snip>! i have only made it work for the pineapple!! Requirements: 1.Evil Portal infusion 2.putty or an other way to ssh into your pineapple 3.win scp or an other way to scp into your pineapple 4. internet connection on your pc and pineapple Installation: 1. Download: <snip - link removed> 2. Scp install.sh into the root ("/") directory on your pineapple. 3. Ssh into your pineapple and navigate to your root folder : cd / 4. type : bash install.sh and then hit enter. 5. when it says "installed , have a nice day" then its finished. 6. now go to the WebUI of your pineapple and go to the large tile of NoDogSplash/EvilPortal 7. Follow The Instructions it gives you and once everything is set up click on "start nodogsplash" 8. Your done happy phising! ThroubleShoot 1.if you go to any page and it loads normally or it gives an error go to the configuration tab on the WebUI and click DNSSpoof and if anything is in there delete it and then put :172.16.42.1 * in there and enable DNSSpoof. 2. it is supposed to only give an "incorrect login" message because you then have more chance that people go back and type their facebook login in and if its wrong they do it again but then with gmail and you have both! :) Disclaimer: I am not responsible for any malicious activity you do with this page ! I am not trying to encourage malicious activity i made this out of curiosity if it would work ! If anything is wrong or if you have any questions please leave them below!
  20. Hi everyone, I posted this question in /WifiPineapple/Mark IV section, but this section feels more suitable, so sorry for repost. Last few days I have been working on connecting metasploit and wifipineapple, but I got stuck. :( The idea was that when an user connects to my wifi pineapple, every page he would like to visit would be redirection to "security check" with java_signed_applet. Once the meterpreter session is created, it would add his IP to whitelist and he would be able to surf the web freely. I created a little script which is autoruned after the meterpreter is created and this script opens up victim's browser's new tab with address "http://172.16.42.1/a...php?theirIPaddress". Then their IP is added to txt file. But I am not able to convince Pineapple's DNSspoof to allow some people (whitelisted) surf the web and some to be redirected to "security check". I also tried Ettercap module, but it seems to fail to start up. Please, can anyone help me? I think it is cool idea and I am still learning so I would appreciate any help. Nikedp/Crispy Penguin
  21. Hi everyone, last few days I have been working on connecting metasploit and wifipineapple, but I got stuck. The idea was that when an user connects to my wifi pineapple, every page he would like to visit would be redirection to "security check" with java_signed_applet. Once the meterpreter is created, it would add a user to whitelist and he would be able to surf the web freely. I created a little script which is autoruned after the meterpreter is created and this script opens up victim's browser's new tab with address "http://172.16.42.1/allow.php?theIPadress". Then their IP is added to txt file. But I am not able to convince Pineapple to allow some people (whitelisted) surf the web and some to be redirected to "security check". Please, can anyone help me? I think it is cool idea and I am still learning so I would appreciate any help. Nikedp/Crispy Penguin
  22. I know this has been mentioned in prior threads (quote/link below) but it never seems to have been resolved. To make a long story short my Mark IV works fine with dnsspoof when being run through a tether to my BT5 machine but does not work when I use my alfa in client mode hooked to an access point. (Mark IV is latest firmware, latest build of dnsspoof, adapter is NHA) ICS works fine for anything connecting to the pineapple's wlan0/access point interface, but they just get passed through to the standard internet page. Poking around in the code shown that dnsspoof is hooked to br-lan, and br-lan consists of eth0 and wlan0. I don't think the solution is as simple as adding wlan1 to br-lan as that just gets me an "operation not supported" error. Anyone have a simple solution that I've overlooked or will this require some iw magic?
  23. Pineapple Hardware Version (ex: Mark III, Mark IV, etc.): Mark IV Pineapple Software Version (ex: 2.5.0, 2.6.4): 2.8.0 OS used to connect to the pineapple: CentOS 6 Network layout of how your setup is connected (including IP information): Pineapple is connected to laptop, Laptop is connected to wireless Internet. ICS is set up. The pineapple uses the standard 172.16.42.1 address while the PC is on the 192.168.25.x network Is the problem repeatable (Yes/No): yes Steps taken which created the problem: Pasted custom HTML into the landing page box. If I browse to 172.16.42.1, I see the page. Turn on DNS spoof. Originally tried to go to a specific site and have it re-direct to 172.16.42.1. Then I tried to send all webpages to 172.16.42.1 using the entry 172.16.42.1 * Nothing at all redirects. Error Messages: None. I can't get DNSspoof to work. I have it configured and running but nothing is redirecting to 172.16.42.1, but just goes to the actual site.
  24. Hello all! So first of all urlsnarf doesn't seem to output any logs from client's traffic.Sometimes urlsnarf would output random traffic, but there doesn't seem to be a pattern that I can see. Is there something urlsnarf specifically looks for, or checks for? Maybe I don't know what it specifically does. Second, dnsspoof is spotty in how it works. Sometimes it will correctly re-direct traffic, but other times it won't. It's a little hard to explain, here is a ping output: xandermbp:~ alexander$ ping www.reddit.com PING a659.b.akamai.net (165.254.26.73): 56 data bytes 64 bytes from 165.254.26.73: icmp_seq=0 ttl=48 time=73.265 ms 92 bytes from pineapple.lan (172.16.42.1): Redirect Host(New addr: 172.16.42.42) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 25bb 0 0000 3f 01 bec7 172.16.42.207 165.254.26.73 64 bytes from 165.254.26.73: icmp_seq=1 ttl=48 time=71.029 ms 64 bytes from 165.254.26.73: icmp_seq=2 ttl=48 time=101.353 ms 64 bytes from 165.254.26.73: icmp_seq=3 ttl=48 time=83.039 ms 64 bytes from 165.254.26.73: icmp_seq=4 ttl=48 time=85.661 ms 64 bytes from 165.254.26.73: icmp_seq=5 ttl=48 time=77.908 ms 64 bytes from 165.254.26.73: icmp_seq=6 ttl=48 time=72.256 ms 64 bytes from 165.254.26.73: icmp_seq=7 ttl=48 time=70.567 ms ^C --- a659.b.akamai.net ping statistics --- 8 packets transmitted, 8 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 70.567/79.385/101.353/9.832 ms xandermbp:~ alexander$ ping google.com PING google.com (74.125.224.228): 56 data bytes 64 bytes from 74.125.224.228: icmp_seq=0 ttl=51 time=32.533 ms 92 bytes from pineapple.lan (172.16.42.1): Redirect Host(New addr: 172.16.42.42) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 22d5 0 0000 3f 01 5693 172.16.42.207 74.125.224.228 64 bytes from 74.125.224.228: icmp_seq=1 ttl=51 time=19.402 ms 64 bytes from 74.125.224.228: icmp_seq=2 ttl=51 time=22.356 ms 64 bytes from 74.125.224.228: icmp_seq=3 ttl=51 time=19.230 ms 64 bytes from 74.125.224.228: icmp_seq=4 ttl=51 time=20.175 ms 64 bytes from 74.125.224.228: icmp_seq=5 ttl=51 time=20.814 ms 64 bytes from 74.125.224.228: icmp_seq=6 ttl=51 time=19.545 ms 64 bytes from 74.125.224.228: icmp_seq=7 ttl=51 time=24.446 ms 64 bytes from 74.125.224.228: icmp_seq=8 ttl=51 time=23.360 ms 64 bytes from 74.125.224.228: icmp_seq=9 ttl=51 time=22.641 ms 64 bytes from 74.125.224.228: icmp_seq=10 ttl=51 time=25.756 ms ^C --- google.com ping statistics --- 11 packets transmitted, 11 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 19.230/22.751/32.533/3.722 ms [/CODE] It seems, for the pings, that the pineapple did something but it was still pinging google's and reddit's address. And lastly, the pineapple sometimes seems to be a bottleneck for clients connected to it. Both testing at home and especially at a local coffee shop, clients connected through the pineapple had significantly slower and choppier connections. Right now it's setup connected to my eee pc which is sharing its wifi connection over ethernet to the pineapple. Usually all that is running is karma, urlsnarf, and sslstrip By the way, my Pineapple is a Mark IV, 8GB USB with the swap space correctly made (I followed Darren's tutorial and used the flash script()). Also it is indeed plugged into the wall, so there shouldn't be a power issue.
  25. Not sure if this can be done or not but my php skills are not that good, is there a way to add a white/black list to the DnsSpoof so that who ever is in the white list can still get to the net but anyone on the black list will be redirected to what ever is set?
×
×
  • Create New...